summaryrefslogtreecommitdiffstats
path: root/roles/openshift_hosted/tasks/registry/registry.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_hosted/tasks/registry/registry.yml')
-rw-r--r--roles/openshift_hosted/tasks/registry/registry.yml16
1 files changed, 14 insertions, 2 deletions
diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml
index d89ce855a..0b8042473 100644
--- a/roles/openshift_hosted/tasks/registry/registry.yml
+++ b/roles/openshift_hosted/tasks/registry/registry.yml
@@ -56,12 +56,24 @@
openshift_hosted_registry_force:
- False
+- name: Create the registry service account
+ oc_serviceaccount:
+ name: "{{ openshift_hosted_registry_serviceaccount }}"
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+
+- name: Grant the registry serivce account access to the appropriate scc
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
+ namespace: "{{ openshift_hosted_registry_namespace }}"
+ resource_kind: scc
+ resource_name: hostnetwork
+
- name: oc adm policy add-cluster-role-to-user system:registry system:serviceaccount:default:registry
oc_adm_policy_user:
- user: system:serviceaccount:default:registry
+ user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}"
+ namespace: "{{ openshift_hosted_registry_namespace }}"
resource_kind: cluster-role
resource_name: system:registry
- state: present
- name: create the default registry service
oc_service:
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-24 09:04:16 +0000